Using the car analogy for the model:

kit car: you get the pieces, you put it together, you are resposible for not only the seatbelt, but the seats as well, and how many of each you want. you are the manufacturer.

manufacured car: you buy it off the lot, they tell you how much it costs, and what it is, and who has what resposiblities.

open source: you get the pieces (source code), you put it together (definition of compilation), you decide on the features, you enforce the features, you are the manufacturer.

compiled binaries: you buy it of the shelf, they set the price, they say what it does (advertising), and what their responsability is (licences, etc)

If the manufactures do not live up to their advertising, and resposabilities, then they should be legally liable. What manufactures are not promising are products that are secure, or products that will even work. It should be on the owness of the populace to purchase products that can make these promises. It should be on the manufacture's job to make sure this information is not shrouded in smoke and mirrors, and 6 pages of ascii text.

Open source says hey, you do it yourself. Compiled binaries say hey, we've done it for you, this is what it does, period. (to make a long story short)

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/47/9266#9266